Application Security Consultant – Mid-level

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Collaborate with technology teams to ensure security is integrated from the solution design stage.

• Engage with development teams, providing guidance on security best practices and adherence to Information Security policies.

• Advocate for the implementation of best practices and tools endorsed by NIS.

• Conduct security assessments as part of the Application Readiness Review (ARR) process.

• Act as a consultant on various topics related to application security.

• Assist in risk mitigation initiatives alongside risk managers and information security stakeholders.

• Evaluate application vulnerabilities and establish mitigation strategies.

• Carry out security assessments utilizing vulnerability analysis tools, scanners, and code reviews.

• Evaluate risks, threats, and the effectiveness of mitigation strategies.

• Aid development teams in achieving a balance between security measures and delivery timelines (time-to-market).

• Partner with various technical and business stakeholders.

• Ensure alignment of business requirements with security frameworks and architectures.

⛳️ Requirements

• Experience in software development (Development, Quality Assurance, Architecture, or Application Security).

• Familiarity with cloud infrastructure (Cloud Engineer, Site Reliability Engineer, Infrastructure).

• Understanding of application architecture patterns (MVC, Microservices, Event-driven).

• Knowledge of OWASP Top 10.

• Proficiency in application security and web architecture.

• Experience with programming languages and development in both web and mobile contexts.

• Proficient in code analysis tools (SAST / Source Code Analysis).

• Knowledge of processes for addressing code vulnerabilities.

• Experience in vulnerability analysis and risk management.

• Technical expertise in Application Security.

• Understanding of cloud and service hosting.

• Familiarity with Identity and Access Management (IAM).

• Knowledge of data protection practices.

• Experience in endpoint security and cybersecurity operations.

• Awareness of ISO 27002 standards.

• Understanding of cloud architecture and container deployment.

• Experience in risk assessment and business impact analysis.

• Proven ability to collaborate with multiple stakeholders.

• Skill in translating business requirements into effective security solutions.

🏝️ Benefits

• Opportunity for remote work.